pikabot | pikabot_core[.]dll | Triage

Sharing

General

Target

pikabot_core.dll
Size

38KB
MD5

9cd94c8ac5c05061bcd4edb8c1e7f8f4
SHA1

d722c153c9ea0b627b09346f1e9e6deec4c3cbe0
SHA256

11cbb0233aff83d54e0d9189d3a08d02a6bbb0ffa5c3b161df462780e0ee2d2d
SHA512

9eea5545db4bd2c4f898f3ca733af839e710754a417615a926df95279db6b3803c230f0f083e5ac4248c4ed8e67e47f4c7fb5a08c5c042da5ecc2c291a363084
SSDEEP

768:gGiEEBGU4Ly9RWFaoF4Vcps8etdvAgV1N:JiLBWLAWFad8eT4u1N

Score

10^/10

pikabot

Malware Config

Signatures

Detects PikaBot botnet 1 IoCs

Processes:

resource yara_rule

sample family_pikabot
Pikabot family
pikabot
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

pikabot_core.dll

Files

pikabot_core.dll
.dll regsvr32 windows x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Exports

Exports

DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ